Tag Archives: cyber security for government suppliers

The one-stop guide to cyber security advice (Part 2)

 

 

 

 

 

 

 

 

Last month we published the first of a two-part series on the best cyber security guides and articles on the web. It covered advice on educating your employees about cyber security, guidance for the board and tips for small and micro businesses.

The article was written for anyone increasingly concerned about the threat to their data and looking for advice – you can re-visit part-one here.

This month, in part-two, we point our lens at ransomware, the insider threat, guidance for suppliers to HM Government and there’s even a plain English guide to all that cyber security jargon. Continue reading “The one-stop guide to cyber security advice (Part 2)” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

How to prepare your company for achieving List X

Top secret file

 

 

 

 

 

 

 

 

Here at Ascentor we get many companies asking us how they can become a List X company. The answer is always the same – it is not something that you can just do; you must have a contract, usually with the MOD, that requires you to hold sensitive government assets on your own premises. However, there are a few things you can do to prepare if you think a contract may be forthcoming.

This blog aims to give you a few hints and tips about some pragmatic steps you can take to get you up and running as a List X company much quicker. Continue reading “How to prepare your company for achieving List X” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share

Ascentor expands capabilities on Digital Outcomes and Specialists 2

Digita

 

 

 

 

 

 

 

 

Public sector organisations, agencies and associated bodies can now buy more Ascentor services through the Digital Outcomes and Specialists (DOS) Framework.

Ascentor’s cyber security and information assurance consultants have a background in government security and extensive experience in a variety of Information Assurance (IA) disciplines. In the second iteration of the DOS framework, Ascentor’s Digital Outcomes capabilities cover a range of security topics – IA certification, policy, threat modelling, risk management, infrastructure reviews and firewall audits. We can also offer project management, and process and system auditing. Continue reading “Ascentor expands capabilities on Digital Outcomes and Specialists 2” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Supply Chain Cyber Security – defeating the weakest link (Part 1)

Cyber chain 2

 

 

 

 

 

 

 

 

It’s an everyday story but it could happen in your business – right under your nose and far more easily than you could have imagined. Who’d have thought that a contractor would cost millions in lost revenue and nearly bring the business to its knees? But that’s what a weak link in your supply chain cyber security can do.

Picture the scene… Brian parks in the street around the corner from work and walks down the side of his company building. The back door, propped half open by the fire extinguisher, makes entry a breeze. He takes off his balaclava and walks down the corridor to the server room. Brian provides IT support to this and other local companies and, as IT system administrator, he has the keys to the server room door… Continue reading “Supply Chain Cyber Security – defeating the weakest link (Part 1)” »

avatar

Steve Maddison

Director and Principal Consultant

More Posts

Share

Reflections on CyberUK in Practice – CESG’s government security conference

CyberUK

 

 

 

 

 

 

 

Ascentor went to the ‘CyberUK in Practice’ event in Liverpool on the 24th and 25th May, organised by CESG. Bringing government, industry and the wider public sector together, the event addressed how we can collectively make the UK safer online.

Over 900 delegates attended, with 60 speakers from government and industry. There was no shortage of topics covered and new developments shared. Indeed, Alex Dewdney, Director of Cyber Security at GCHQ described the event as a ‘step change in how government does cyber security.’

So, with a little time to reflect on the event, we’ve summarised what we thought were the main cyber security discussion points for government and industry. Continue reading “Reflections on CyberUK in Practice – CESG’s government security conference” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Cutting through the confusion: Government Information Assurance changes explained (part 3 of 3)

Lost and confused signpost

 

 

 

 

 

 

 

Part 3 of 3. This is the third in a series of blog articles where Ascentor discusses some of the recent UK Government Information Assurance changes – and what they mean for you.

Written to be concise, they explain the essential ‘need to know’ facts and implications with links to read further should you wish.

This time our lens has a European focus as we cover two EU regulations that could have a significant impact on the protection of UK data.

In part 3 of the series, we look at:

  • Safe Harbor and Privacy Shield
  • The EU General Data Protection Regulation (GDPR)
  • The Certified Cyber Security Consultancy (CCSC) scheme

Continue reading “Cutting through the confusion: Government Information Assurance changes explained (part 3 of 3)” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

2016 cyber security predictions for government organisations and the supply chain

Cyber Security predictions

 

 

 

 

 

 

 

2015 was the year in which Minister for the Cabinet Office Matthew Hancock described cyber attacks on government systems as “constant and relentless”. Speaking at IA15 in November, it emerged that an average of 33,000 malicious emails were being blocked at the gateway every month. If ever there was evidence that government systems are just as under threat as those in commercial organisations – this was it.

2016 will bring big changes that affect how the supply chain prepares itself for doing business with government. What’s more, government is moving towards a more shared digital cloud platform.

In this climate of on-going threat and change, we look ahead at what might happen – raising some of the cyber security issues on the horizon for government and the supply chain. Continue reading “2016 cyber security predictions for government organisations and the supply chain” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

MOD Suppliers – the new Cyber Essentials requirements explained

Cyber Essentials logo with caption

 

 

 

 

 

 

 

For suppliers to the MOD, change is coming. The planned roll out of CSM in August of 2016 has been delayed. We are now expecting the Cyber Security Model (CSM) to be rolled out to large suppliers from January 2017 – with a full launch by April. FATS (a commercial MOD framework) will also go live in April and it is expected to include the contractual aspects of CSM.

To be compliant with the requirements of the CSM, the MOD supply chain will need Cyber Essentials or Cyber Essentials Plus and have information security governance policies in place. 

Ascentor strongly recommend that defence industry companies prepare for CSM by gaining certification to Cyber Essentials in advance – so they are ready to respond to the new contract requirements. In our experience, the larger the business, the more complex and time consuming the process. Don’t delay and put future contracts at risk.

For assistance on any aspect of CSM or Cyber Essentials, please contact Dave James at Ascentor [email protected]

The following article will tell you more about the CSM…


For suppliers to the MOD bidding for new contracts advertised from January 1st 2016 – there is a new MOD requirement you’ll need to know.

Check to see if the contract involves the transfer of MOD identifiable information from customer to supplier, or the generation of information by a supplier specifically in support of the MOD contract.

If the answer is yes, you and any subcontractors must have achieved Cyber Essentials certification by the contract start date. Continue reading “MOD Suppliers – the new Cyber Essentials requirements explained” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

IA15: Public trust in networks and data depends on security

IA15 UK Government's Cyber Security and Information Assurance event

 

 

 

 

 

 

 

Ascentor’s Steve Penny and Paul Trethewey attended the IA15 event in London on the 9th and 10th November where Ascentor was also an event sponsor. Hosted by GCHQ, it was HM Government’s principal event for briefing the UK’s information security leaders. In a year that has seen bigger and more frequent security breaches, the event focused on a topic at the core of Ascentor’s work – the implementation of effective cyber security in our public services.

This high level event drew a number of prominent speakers from government, academia and industry. We were expecting to hear high calibre and thought provoking debates, and that’s exactly what we got, starting with the opening keynote address by Matthew Hancock, Minister for the Cabinet Office and Paymaster General.  Continue reading “IA15: Public trust in networks and data depends on security” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Cutting through the confusion: Government Information Assurance changes explained (part 2 of 3)

Confusion image

 

 

 

 

 

 

 

Part 2 of 3. This is the second in a series of blog articles where Ascentor discuss some of the recent UK Government Information Assurance changes – and what they mean for you.

Written to be concise, they explain the essential ‘need to know’ facts and implications with links to read further should you wish.

In part 2 of the series, we look at:

  • Cyber Essentials
  • The Cyber Security Model (CSM) of the Defence Cyber Protection Partnership (DCPP)
  • The new PSN Compliance process

Continue reading “Cutting through the confusion: Government Information Assurance changes explained (part 2 of 3)” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share